Analysis
max time kernel: 117s
max time network: 118s
platform: windows7_x64
resource: win7-20240215-en
resource tags: arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
submitted: 14/05/2024, 04:07
Static task: static1
Behavioral task: behavioral1
  Sample: 3dd3c456c8a2670cc15818d9f41a4613_JaffaCakes118.exe
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: 3dd3c456c8a2670cc15818d9f41a4613_JaffaCakes118.exe
  Resource: win10v2004-20240426-en
General
Target: 3dd3c456c8a2670cc15818d9f41a4613_JaffaCakes118.exe
Size: 466KB
MD5: 3dd3c456c8a2670cc15818d9f41a4613
SHA1: b40c850a8710112247e7c39199f99cce62d406db
SHA256: 1182d0d49c2a859f1f013cdd20b3e700f3dd15dddf2b440f62a23cfb509424f6
SHA512: f74a3e8af702e0a684937717fdd7c0032a21d83b46b7e5235a8bc69b5322f610427e17f1a3fe819264f191fc7bda6a7032c89c624c89786aa6182b069b027a17
SSDEEP: 6144:X7zBaC5KkjBsiZcMmvDrh9pNldiMVvmcBBTPKqXkltBKhjg/HHHHHH3tdjKMWBgK:Xn0C5TCdTLrOFcBBGqXkltzVdnWBgbu
Malware Config
Signatures
Deletes itself (1 IoCs)
  pid   Process
  2192  cmd.exe
Runs ping.exe (1 TTPs, 1 IoCs)
  pid   Process
  296   PING.EXE
Suspicious use of WriteProcessMemory (8 IoCs)
  description                       pid   Process                                             procid_target
  PID 2312 wrote to memory of 2192  2312  3dd3c456c8a2670cc15818d9f41a4613_JaffaCakes118.exe  30
  PID 2312 wrote to memory of 2192  2312  3dd3c456c8a2670cc15818d9f41a4613_JaffaCakes118.exe  30
  PID 2312 wrote to memory of 2192  2312  3dd3c456c8a2670cc15818d9f41a4613_JaffaCakes118.exe  30
  PID 2312 wrote to memory of 2192  2312  3dd3c456c8a2670cc15818d9f41a4613_JaffaCakes118.exe  30
  PID 2192 wrote to memory of 296   2192  cmd.exe                                             32
  PID 2192 wrote to memory of 296   2192  cmd.exe                                             32
  PID 2192 wrote to memory of 296   2192  cmd.exe                                             32
  PID 2192 wrote to memory of 296   2192  cmd.exe                                             32
Processes
C:\Users\Admin\AppData\Local\Temp\3dd3c456c8a2670cc15818d9f41a4613_JaffaCakes118.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\3dd3c456c8a2670cc15818d9f41a4613_JaffaCakes118.exe"
  PID: 2312
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\cmd.exe
    Command line: cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\3dd3c456c8a2670cc15818d9f41a4613_JaffaCakes118.exe"
    PID: 2192
    - Deletes itself
    - Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\PING.EXE
      Command line: ping 1.1.1.1 -n 1 -w 3000
      PID: 296
      - Runs ping.exe